I'm not familiar enough with that system to comment on it specifically. Those types of arrangements in general, where you have a data broker that acts as a public trust or an industry-wide trust generally have the effect of improving cybersecurity day to day, but also of making the system more brittle. One compromise becomes a massive compromise.
I don't know enough to comment on that situation specifically, though.